Control socket directory doesn't exist after systemd stopping service

Alan DeKok aland at deployingradius.com
Tue Nov 29 21:40:51 UTC 2022


On Nov 29, 2022, at 3:52 PM, Matthew McTague via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I have a weird bug where the control socket directory `/var/run/radiusd` gets deleted after `systemctl stop radiusd`, and `radiusd -X` doesn't re-create it.

  Depending on the OS and configuration, the server doesn't create that directory.  In this case, it's relying on systemd to create it.

> I'm using the Rocky repo as there's no AlmaLinux repo available, although I'm expecting this would be compatible.
> 
> Extra information is below in case it's needed for context.
> 
> Excerpt from radiusd -X output:
> 
> radiusd: #### Opening IP addresses and Ports ####
> listen {
>        type = "control"
> listen {
>        socket = "/var/run/radiusd/radiusd.sock"
>        mode = "rw"
>        peercred = yes
> }
> Failed creating control socket "/var/run/radiusd/radiusd.sock": Failed binding to /var/run/radiusd/radiusd.sock: No such file or directory

  Was this run as root?  Or as a non-root user?

> The directory doesn't exist:
> 
> # ls -lah /var/run/radiusd
> ls: cannot access '/var/run/radiusd': No such file or directory

  How about:

$ mkdir /var/run/radiusd && radiusd -X

  ?

> I tried radiusd -X with strace attached, showed the same thing, excerpt below:
> ...
> socket(AF_UNIX, SOCK_STREAM, 0)         = 22
> stat("/var/run/radiusd/radiusd.sock", 0x7fff5e30c580) = -1 ENOENT (No such file or directory)
> bind(22, {sa_family=AF_UNIX, sun_path="/var/run/radiusd/radiusd.sock"}, 31) = -1 ENOENT (No such file or directory)

  Yup.  It's requiring that the directory exist.

  Because generally the server shouldn't have write permission to /var/run.  That directory is owned by "root", and it's very bad to have a non-root program write to it.

  The directory /var/run/radiusd should be owned by "radiusd", and the server should have write permission to that directory.

  So... make sure that the directory exists before starting the server in debug mode.

  Alan DeKok.
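
A preflight check for the point made in the reply above, as an added example that is not part of the original message or of FreeRADIUS: it verifies that the control socket's parent directory exists, is owned by the expected account, and is not writable by other users. The function name is hypothetical, GNU stat is assumed, and the "radiusd" group and mode 0750 in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the FreeRADIUS project.
# Assumes GNU stat/dirname (as on Rocky or AlmaLinux). The function name is
# hypothetical; the socket path and the "radiusd" owner come from the thread.

# check_socket_dir SOCKET_PATH EXPECTED_OWNER
# Returns 0 if the socket's parent directory is usable, otherwise:
#   1 directory missing        2 owned by a different user
#   3 writable by "other"      4 owner lacks write permission
check_socket_dir() {
    sock=$1
    owner=$2
    dir=$(dirname -- "$sock")

    # bind() on an AF_UNIX path returns ENOENT when the parent is absent.
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 1
    fi

    actual=$(stat -c '%U' -- "$dir")
    if [ "$actual" != "$owner" ]; then
        echo "$dir is owned by $actual, expected $owner" >&2
        return 2
    fi

    # %a prints the octal mode; the leading 0 makes the shell read it as octal.
    mode=$(stat -c '%a' -- "$dir")
    if [ $(( 0$mode & 0002 )) -ne 0 ]; then
        echo "$dir (mode $mode) is writable by other users" >&2
        return 3
    fi
    if [ $(( 0$mode & 0200 )) -eq 0 ]; then
        echo "$dir (mode $mode) is not writable by its owner" >&2
        return 4
    fi
    return 0
}

# Usage as root before a debug run (group "radiusd" and mode 0750 are assumptions):
#   check_socket_dir /var/run/radiusd/radiusd.sock radiusd ||
#       install -d -o radiusd -g radiusd -m 0750 /var/run/radiusd
```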


